Category: cyberthreat

Very interesting presentation by Michael Gough from SecureWorks. It goes through some malware attack examples and the importance of the windows event id’s for their detection. Another must read. The top 10 windows logs event id's used v1.0 from Michael Gough

In this two article series, I am going to explain how to spot anomalous activity in proxies and DNS queries coming out of your network. Additionally, I am also explaining how to recognize suspicious threat infrastructure, what elements you need to pay attention to, how this infrastructure behaves, what are the challenges for the defender and…

I am very surprised to see the title of this video, it should have included malvertising in it however if someone would have asked me about malvertising I would have undoubtedly answered ‘Elias Manousos’. Him and RiskIQ are today the pioneers in the field of external threat surface. The number of views demonstrate how low…

This is another awesome book I recently found trying to validate some knowledge for my next blog post. This is the definitive book to understand today’s malware distribution networks and how they operate. I have spent a considerable amount of time researching and working with technologies aimed at recognizing Malware Delivery Networks and this is…

A couple of days ago I was recommended these 2 documentaries, they are short but concise and they show how cyber criminality is on the rise. In the first documentary they explain how Romania as a result of its history is seeing a surge in cyber criminal activities. It is an excellent testimony from some…

Detection on this phase of the kill chain is not extremely complex, however from a business perspective it is critical for the organization to find this activity. An attacker who has progressed his attack to the C&C phase may be a dangerous and impactful threat for the business. Whether your organization is part of botnet…

I just decided in the last minute that I am not going to write this article you are reading. Instead I am going to copy the links to 2 different video presentations and I am going to leave you with the real experts in this area. Both presentations are by RiskIQ personnel. If you are…

Are you currently threat hunting and not finding much? I do not support this threat hunting modality however it is true that I use it when I do not have the time to go on a hunting trip and keep focused. This is not a silver bullet but it is true that it can help…

In this third post we are going to see what we need to look at when hunting and detecting adversaries in the perimeter. We are also going to look at some of the firewall technologies and their log formats in order to detect anomalies in the inbound and outbound traffic in your network. …

Today, I had some time to read the “The security Monitoring and Attack Detection Planning Guide” by Microsoft. I have read different documents in the last couple of months aimed at security monitoring in the Microsoft endpoint however this document it is completely up to date and can help organizations to understand the requirements they…

In my previous post I went through the basics of hunting and its benefits for the organization and for analysts. To continue the journey, today I am going to cover the preparations you need to do before you go out there and hunt. We are covering preparations and locations to hunt. As you need some…